December 2, 2024 at 01:08PM The ‘Bootkitty’ UEFI bootkit, the first malware targeting Linux systems, exploits CVE-2023-40238 (known as ‘LogoFAIL’) to infect computers with vulnerable UEFI firmware. This discovery highlights a significant security threat for Linux users. **Meeting Notes Takeaways:** 1. **Introduction of ‘Bootkitty’:** A new UEFI bootkit known as ‘Bootkitty’ has been identified, targeting … Read more
September 17, 2024 at 09:32AM Roughly 9% of tested firmware images use non-production cryptographic keys, making Secure Boot devices vulnerable to UEFI bootkit malware attacks. Known as ‘PKfail’, this supply chain attack affects various computer manufacturers and has been addressed by Binarly, who released a “PKfail scanner” to identify vulnerable firmware submissions. Vendors are taking … Read more
September 3, 2024 at 11:48AM D-Link has issued a warning about four remote code execution (RCE) vulnerabilities affecting all hardware and firmware versions of its DIR-846W router. They will not be patched as the products are no longer supported. Based on the meeting notes, the key takeaway is that D-Link has warned about four remote … Read more
July 26, 2024 at 05:51AM Binarly has identified a security vulnerability named “PKfail,” centered around an exposed American Megatrends International Platform Key (PK), utilized as a Secure Boot private key. This flaw, found in hundreds of computer models from various manufacturers, allows attackers to sign and execute malicious code during the device’s boot process, potentially … Read more
January 18, 2024 at 05:03AM Multiple security vulnerabilities in the TCP/IP network protocol stack of an open-source UEFI firmware are collectively dubbed PixieFail. These issues could be exploited to achieve remote code execution, denial-of-service, DNS cache poisoning, and leakage of sensitive information. Various firms’ UEFI firmware are impacted, and the CERT Coordination Center provided advisory … Read more